VLAN Best Practices
These are some general guidelines for creating VLANs. A VLAN creates a boundary between devices, so the goal is to plan boundaries that improve network functionality and security.
- Grouping devices by traffic patterns - Devices that communicate extensively between each other are good candidates to be grouped into a common VLAN.
- Grouping devices for security - It is often good practice to put servers and key infrastructure in their own VLAN, isolating them from general broadcast traffic and making it easier to control which devices can reach them.
- Grouping devices by traffic types - As discussed in this How To, VoIP quality is improved by isolating VoIP devices to their own VLAN. Other traffic types may also warrant their own VLAN. Traffic types include network management traffic, IP multicast traffic such as video, file and print services, email, Internet browsing, database access, shared network applications, and traffic generated by peer-to-peer applications.
- Grouping devices geographically - In a network with limited trunking, it may be beneficial to combine the devices in each location into their own VLAN.
More VLAN Technologies
In this How To, I've configured static VLANs. A static VLAN is created by assigning switch ports to specific VLAN numbers. Some switches also support dynamic VLANs, which are created by assigning MAC addresses to VLAN numbers. Dynamic VLANs are a less common way to configure VLANs and are more resource intensive to build and maintain, but they do allow devices to move between ports while retaining their VLAN boundaries.
As discussed, I didn't use VLAN Trunking in this example. If I had multiple VLAN-aware switches, I would likely have employed Trunking to enable distributed VLAN configurations.
The standard protocol for VLAN Tagging is 802.1Q, sometimes referred to as Dot1Q. If you're selecting a VLAN capable device, you'll want to ensure this protocol is supported for interoperability, especially if you're going to use it in VLAN trunking applications. The ability to change a port's PVID usually comes along with 802.1Q capability.
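To make the tagging and PVID behaviour concrete, here is an added example written for this page (not code from the article or any switch vendor). It builds an 802.1Q tagged frame and then classifies ingress frames the way a Dot1Q switch does: a tagged frame keeps the VID from its tag, while untagged and priority-tagged (VID 0) frames are assigned the port's PVID. The MAC addresses and frames are constructed sample data.

```python
import struct

TPID_8021Q = 0x8100   # EtherType value that marks an 802.1Q (Dot1Q) tag


def build_tagged_frame(dst, src, vid, pcp, ethertype, payload):
    """Build an 802.1Q tagged Ethernet frame (FCS omitted)."""
    if not 0 <= vid <= 4094 or not 0 <= pcp <= 7:
        raise ValueError("VID must be 0..4094 and PCP 0..7")
    tci = (pcp << 13) | vid           # TCI = PCP(3) | DEI(1, left 0) | VID(12)
    return dst + src + struct.pack("!HHH", TPID_8021Q, tci, ethertype) + payload


def classify_frame(frame, port_pvid):
    """Classify an ingress frame as an 802.1Q switch does: tagged frames keep
    the VID in their tag; untagged and priority-tagged (VID 0) frames are
    assigned the ingress port's PVID."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != TPID_8021Q:
        return {"tagged": False, "vid": port_pvid, "pcp": 0,
                "ethertype": ethertype, "payload": frame[14:]}
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner_type = struct.unpack("!HH", frame[14:18])
    vid = tci & 0x0FFF
    if vid == 0x0FFF:
        raise ValueError("VID 4095 is reserved")
    return {"tagged": True,
            "vid": port_pvid if vid == 0 else vid,
            "pcp": tci >> 13, "ethertype": inner_type, "payload": frame[18:]}


# Constructed sample frames (not captured traffic): a VoIP phone on VLAN 10
# sending with priority 5, and an untagged PC on a port whose PVID is 20.
PHONE = bytes.fromhex("001122aabb01")
PC = bytes.fromhex("001122aabb02")
GATEWAY = bytes.fromhex("001122aabbff")
VOIP_FRAME = build_tagged_frame(GATEWAY, PHONE, vid=10, pcp=5,
                                ethertype=0x0800, payload=b"\x45" + b"\x00" * 19)
PC_FRAME = GATEWAY + PC + struct.pack("!H", 0x0800) + b"\x45" + b"\x00" * 19

if __name__ == "__main__":
    print(classify_frame(VOIP_FRAME, port_pvid=1))   # vid 10, pcp 5
    print(classify_frame(PC_FRAME, port_pvid=20))    # vid 20 from the PVID
```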
The Linksys SRW2008 is a nice switch for creating VLANs on your small network. Each of its eight ports supports gigabit Ethernet, so it could serve as a central switch connected to multiple other switches. You could use less-expensive unmanaged switches to group devices, and connect each unmanaged switch to a port on the SRW, using the SRW's VLAN capability to break up the broadcast domains and maximize available bandwidth.
However, pretty much any managed or "smart" switch supports port-based VLANs, which is sufficient to implement the example in this article. Use the Gigabit Smart Switch Feature Comparison Table to explore other VLAN-capable products. Note, however, that the TrendNet TEG-160WS can't be used because it doesn't allow you to change port PVIDs.
A final plus of using VLANs is better network design. VLANs enable segmentation and grouping, which are recognized elements of good network design, and good design makes network growth and maintenance easier. Being able to eliminate all the devices in one VLAN as a possible cause of a problem in another VLAN is a helpful and immediate benefit of having VLANs in your network.
With the right equipment and good planning, implementing a VLAN is straightforward. Take your time and follow these steps, and you'll be rewarded with more bandwidth, increased security, and a better-designed network.